How HTTPS Works J. David Giese
Dec 25, 2015
Hyper Text Transfer Protocol
Browser HTTP Server
GET / HTTP/1.1HOST: edge-effect.github.ioHEADERS
BODY
HTTP/1.1 200 OKHEADERS
BODY
Response
Request
edge-effect.github.io
Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.
Hyper Text Transfer Protocol
Visiting a webpage …Application Layer HTTP
Transport Layer TCPInternet Layer IP
Link Layer Ethernet, etc.
Browser HTTP Server
edge-effect.github.io
Visiting a webpage …
Application Layer HTTP
TLS – Transport Layer Security
Transport Layer TCP
Internet Layer IP
Link Layer Ethernet, etc.
HTTPS == HTTP + TLS
Transport Layer Security
• Developed by Netscape in early 1990s.• Used to be called secure socket layer (SSL)• Can be used with other application layer protocols• Provides:– Privacy: Can anyone overhear “us”?– Authentication: Do I know who sent the
message?– Non-repudiation: Can I prove who the sender
was?– Integrity: Was the message tampered with?
Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.2", RFC 5246, August 2008.
Cryptographic Primitives:
Cryptographic Hash Function
A normal hash function with extra requirements:• infeasible to generate a message
with a given digest• infeasible to change a message
without modifying the digest• find two messages with the same
digest
• Also know as “conventional cryptography”• Same key used for encryption and decryption• Simplistic example:
Cryptographic Primitives:
Symmetric Cryptography
HELLO ALL
M PPAHQPP
KEY
A Q
E _
H M
L P
O A
_ H
…
encrypt
HELLO ALL
M PPAHQPP
decrypt
send across internet
CLIENTSERVER
KEY
A Q
E _
H M
L P
O A
_ H
…
Problem: How to share the key?
• Also know as “public key cryptography”• Two keys; Each decrypts what the other encrypts
Cryptographic Primitives:
Asymmetric Cryptography
HELLO ALL
125134223
Server’sPublic KEY
EncryptWithServer’s Public Key
HELLO ALL
125134223
Decrypt WithServer’s Private Keysend across internet
CLIENTSERVER
Server’sPrivate
KEY
Example of Asymmetric Encryption: RSA
1. Generate special numbers e, d, and n
2. Represent message as a series of integers between 0 and n – 1
3. Encrypt each integer, M, using:C = Encrypt(M) = Me mod n
4. Decrypt each integer using:M = Decrypt(C) = Md mod n
R. Rivest, A. Shamir, and L. M. Adleman, ”A Method for Obtaining Digital Signatures and Public-Key Cryptosystems", Communications of the ACM, v. 21, n. 2, Feb 1978, pp. 120-126.
You can’t just pick any e, d, and n
Let d = 39, e = 11, n = 35
M C = Me mod n
0 0
1 1
2 8
3 27
4 29
… …
32 8
33 27
34 34
How to pick d, e, and n
1. Pick two large primes, p and q2. Let n = p*q3. Pick d such that:
GCD(d, (p – 1)*(q – 1)) = 14. Pick e such that:
e*d = 1 mod (p – 1)*(q – 1)
Simplistic example of RSA keys
Let d = 157, e = 17, n = 2773
He mod n H = Md mod n M C = Me mod n Cd mod n
0 0 0 0 0
1 1 1 1 1
2 1037 2 741 2
3 441 3 1553 3
4 2218 4 27 4
… … … … …
2770 2332 2770 2332 2770
2771 1736 2771 1736 2771
2772 2772 2772 2772 2772
Cryptographic Primitives:
Problem with Asymmetric Cryptography
HELLO ALL
125134223
Server’sPublic KEY
EncryptWithServer’s Public Key
HELLO ALL
125134223
Decrypt WithServer’s Private Keysend across internet
CLIENTSERVER
Problem: How can the server know who sent the message?
Server’sPrivate
KEY
• Ensures that you, and only you, could have sent the message (assuming your private key is secure)
• Anyone can verify the signature
Cryptographic Primitives:
Digital Signature
1. Hash the message2. Encrypt hash with your private key3. Attach to message
Review of Cryptographic Primitives
• Cryptographic hash functionarbitrary length data fixed length hash
• Symmetric (or conventional) cryptographyone key is used for encryption and decryption
• Asymmetric (or “public key”) cryptographytwo keys: each key decrypts the what the other encrypts
• Digital Signaturehash of a message encrypted with a private key
Certificate Authority
• A “trusted” third party that associates a public key with an identity.
• Public keys of common CAs are distributed with browsers.
• Need to register with a CA to setup HTTPS for your website.
Details about TLS
Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.2", RFC 5246, August 2008.
CertificateAuthority
3’
Details about TLS
CertificateAuthority
3’
1. CLIENT: I want to start a connection; here are the cipher suites I support2. SERVER: Ok use this cipher suite; here is my certificate (and public key)3. CLIENT: You checked out with the CA; here is a “secret” so we can switch
to a faster symmetric encryption algorithm4. SERVER: Ok, here is a small encrypted token to proove we are on the
same page5. … Send HTTP Messages …
Perfect Forward Secrecy
Using a key pair over extended periods of time is dangerous.
Use Different Keys for each connection, and use public key only for “authentication”
More Reading
• What is the difference between a hash, a MAC, and a digital signature?